new actions

Author: michelle0927

components/splunk/actions/create-event/create-event.mjs

@@ -0,0 +1,58 @@
+import splunk from "../../splunk.app.mjs";
+
+export default {
+  key: "splunk-create-event",
+  name: "Create Event",
+  description: "Sends a new event to a specified Splunk index. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTinput#receivers.2Fsimple)",
+  version: "0.0.1",
+  type: "action",
+  props: {
+    splunk,
+    selfSigned: {
+      propDefinition: [
+        splunk,
+        "selfSigned",
+      ],
+    },
+    indexName: {
+      propDefinition: [
+        splunk,
+        "indexName",
+        (c) => ({
+          selfSigned: c.selfSigned,
+        }),
+      ],
+    },
+    eventData: {
+      type: "string",
+      label: "Event Data",
+      description: "The data of the event to send to the Splunk index. Raw event text. This is the entirety of the HTTP request body",
+    },
+    source: {
+      type: "string",
+      label: "Source",
+      description: "The source value to fill in the metadata for this input's events",
+      optional: true,
+    },
+    sourcetype: {
+      type: "string",
+      label: "Sourcetype",
+      description: "The sourcetype to apply to events from this input",
+      optional: true,
+    },
+  },
+  async run({ $ }) {
+    const response = await this.splunk.sendEvent({
+      $,
+      selfSigned: this.selfSigned,
+      params: {
+        index: this.indexName,
+        source: this.source,
+        sourcetype: this.sourcetype,
+      },
+      data: this.eventData,
+    });
+    $.export("$summary", `Event sent to index ${this.indexName} successfully`);
+    return response;
+  },
+};

components/splunk/actions/get-search-job-status/get-search-job-status.mjs

@@ -0,0 +1,36 @@
+import splunk from "../../splunk.app.mjs";
+
+export default {
+  key: "splunk-get-search-job-status",
+  name: "Get Search Job Status",
+  description: "Retrieve the status of a previously executed Splunk search job. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTsearch#search.2Fjobs)",
+  version: "0.0.1",
+  type: "action",
+  props: {
+    splunk,
+    selfSigned: {
+      propDefinition: [
+        splunk,
+        "selfSigned",
+      ],
+    },
+    searchId: {
+      propDefinition: [
+        splunk,
+        "searchId",
+        (c) => ({
+          selfSigned: c.selfSigned,
+        }),
+      ],
+    },
+  },
+  async run({ $ }) {
+    const response = await this.splunk.getSearchJobStatus({
+      $,
+      selfSigned: this.selfSigned,
+      searchId: this.searchId,
+    });
+    $.export("$summary", `Successfully retrieved status for job ID ${this.searchId}`);
+    return response;
+  },
+};

components/splunk/actions/run-search/run-search.mjs

@@ -0,0 +1,48 @@
+import splunk from "../../splunk.app.mjs";
+
+export default {
+  key: "splunk-run-search",
+  name: "Run Search",
+  description: "Executes a Splunk search query and returns the results. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTsearch#search.2Fjobs)",
+  version: "0.0.1",
+  type: "action",
+  props: {
+    splunk,
+    selfSigned: {
+      propDefinition: [
+        splunk,
+        "selfSigned",
+      ],
+    },
+    query: {
+      type: "string",
+      label: "Search Query",
+      description: "The Splunk search query. Example: `search *`. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/SearchReference/Search) for more information about search command sytax.",
+    },
+    earliestTime: {
+      type: "string",
+      label: "Earliest Time",
+      description: "Specify a time string. Sets the earliest (inclusive), respectively, time bounds for the search. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to [Time modifiers](https://docs.splunk.com/Documentation/Splunk/9.4.1/SearchReference/SearchTimeModifiers) for search for information and examples of specifying a time string.",
+      optional: true,
+    },
+    latestTime: {
+      type: "string",
+      label: "Latest Time",
+      description: "  Specify a time string. Sets the latest (exclusive), respectively, time bounds for the search. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to [Time modifiers](https://docs.splunk.com/Documentation/Splunk/9.4.1/SearchReference/SearchTimeModifiers) for search for information and examples of specifying a time string.",
+      optional: true,
+    },
+  },
+  async run({ $ }) {
+    const response = await this.splunk.executeSearchQuery({
+      $,
+      selfSigned: this.selfSigned,
+      data: {
+        search: this.query,
+        earliest_time: this.earliestTime,
+        latest_time: this.latestTime,
+      },
+    });
+    $.export("$summary", `Executed Splunk search query: ${this.query}`);
+    return response;
+  },
+};

components/splunk/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pipedream/splunk",
-  "version": "0.0.1",
+  "version": "0.1.0",
   "description": "Pipedream Splunk Components",
   "main": "splunk.app.mjs",
   "keywords": [
@@ -11,5 +11,9 @@
   "author": "Pipedream <[email protected]> (https://pipedream.com/)",
   "publishConfig": {
     "access": "public"
+  },
+  "dependencies": {
+    "@pipedream/platform": "^3.0.3",
+    "https": "^1.0.0"
   }
-}
+}

components/splunk/sources/new-alert-instant/new-alert-instant.mjs

@@ -0,0 +1,117 @@
+import splunk from "../../splunk.app.mjs";
+
+export default {
+  key: "splunk-new-alert-instant",
+  name: "Splunk New Alert (Instant)",
+  description: "Emit new event when a saved search alert is triggered in Splunk. [See the documentation]()",
+  version: "0.0.{{ts}}",
+  type: "source",
+  dedupe: "unique",
+  props: {
+    splunk,
+    alertName: {
+      propDefinition: [
+        "splunk",
+        "alertName",
+      ],
+    },
+    pollingInterval: {
+      propDefinition: [
+        "splunk",
+        "pollingInterval",
+      ],
+    },
+    http: {
+      type: "$.interface.http",
+      customResponse: false,
+    },
+    db: "$.service.db",
+  },
+  hooks: {
+    async deploy() {
+      const currentTime = Math.floor(Date.now() / 1000);
+      const lastRunTime = currentTime - (this.pollingInterval || 60);
+      await this.db.set("lastRunTime", lastRunTime);
+    },
+    async activate() {
+      // No webhook creation needed for polling
+    },
+    async deactivate() {
+      // No webhook deletion needed for polling
+    },
+  },
+  methods: {
+    async getSearchResults(jobId) {
+      let results = [];
+      let offset = 0;
+      const count = 100;
+
+      while (true) {
+        const response = await this.splunk._makeRequest({
+          method: "GET",
+          path: `search/jobs/${jobId}/results`,
+          params: {
+            count,
+            offset,
+            output_mode: "json",
+          },
+        });
+
+        if (!response.results || response.results.length === 0) {
+          break;
+        }
+
+        results = results.concat(response.results);
+        offset += count;
+
+        if (response.results.length < count) {
+          break;
+        }
+      }
+
+      return results;
+    },
+  },
+  async run() {
+    const lastRunTime = (await this.db.get("lastRunTime")) || 0;
+    const currentTime = Math.floor(Date.now() / 1000);
+
+    let query = `_time > ${lastRunTime}`;
+    if (this.alertName) {
+      query = `savedsearch="${this.alertName}" AND _time > ${lastRunTime}`;
+    }
+
+    const searchJob = await this.splunk.search({
+      query,
+      earliestTime: lastRunTime,
+      latestTime: currentTime,
+    });
+
+    const jobId = searchJob.sid;
+
+    let jobStatus;
+    do {
+      jobStatus = await this.splunk.getSearchJobStatus({
+        jobId,
+      });
+      if (jobStatus.status === "DONE") break;
+      await new Promise((resolve) => setTimeout(resolve, 1000));
+    } while (true);
+
+    const results = await this.methods.getSearchResults(jobId);
+
+    for (const result of results) {
+      const eventData = result;
+
+      this.$emit(eventData, {
+        id: result._raw || JSON.stringify(result),
+        summary: `Alert "${this.alertName || "All Alerts"}" triggered.`,
+        ts: result._time
+          ? result._time * 1000
+          : Date.now(),
+      });
+    }
+
+    await this.db.set("lastRunTime", currentTime);
+  },
+};